Re: Response to phishing email
- From: Richard Kettlewell <rjk@xxxxxxxxxxxxxxx>
- Date: Mon, 10 Dec 2007 11:39:06 GMT
Fevric J Glandules <fevric@xxxxxxxxxxxxxxx> writes:

> Here's a scary screenshot:
> http://regmedia.co.uk/2007/05/25/hsbc_spoof.jpg
> That's a legit domain name, and a fake site. Not done through
> DNS either. (Writing a hosts file entry always seems to me the
> best way of going about this, but IANACriminal).

Presumably: pop up a window without the usual browser furniture, fake
it with an image if you're feeling lazy or careful use of HTML if
enthusiastic.

(Browsers allowing web sites to hide this furniture is annoying at the
best of times, and it ought to be considered a security bug.)

> Also it's possible to register domains that look very much like the
> real thing, but are actually using slightly different characters.

An argument for fonts that deliberately avoid having any pair of
characters look similar. IIRC the Unicode Standard has some
suggestions about flagging names that use characters from different
scripts, but that doesn't help with I/l, l/1, 0/O.

Recently a browser told me that an https site could not be verified
'for unknown reasons'. Hopeless; and of course it still offered me an
OK button to carry on regardless.
--
http://www.greenend.org.uk/rjk/
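
The two checks discussed in the message above, as an added example that is not part of the original post: flag labels that mix scripts, and separately fold the ASCII look-alikes (I/l, l/1, 0/O) that a script check cannot see. The domain names, the fold table and the name-prefix script approximation are assumptions made for this sketch.

```python
import unicodedata

# Constructed fold table for the ASCII pairs named in the post (I/l, l/1, 0/O).
# DNS names are case-insensitive, so "I" arrives as "i" and is folded to "l".
# This is illustrative only, not the Unicode confusables data.
ASCII_FOLD = str.maketrans({"1": "l", "i": "l", "0": "o"})


def scripts(label):
    """Approximate each letter's script by the first word of its Unicode name
    (LATIN, CYRILLIC, GREEK, ...). Digits and hyphens are ignored."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}


def skeleton(name):
    """Lower-case the name and collapse the ASCII look-alike pairs."""
    return name.lower().translate(ASCII_FOLD)


def check(domain, protected):
    """Return findings for `domain` compared with the `protected` names."""
    findings = []
    # Check 1: a single label drawing letters from more than one script.
    for label in domain.split("."):
        found = scripts(label)
        if len(found) > 1:
            findings.append(f"mixed-script label {label!r}: {sorted(found)}")
    # Check 2: pure-ASCII substitutions, which check 1 cannot detect.
    for real in protected:
        if domain.lower() != real and skeleton(domain) == skeleton(real):
            findings.append(f"ASCII look-alike of {real}")
    return findings


# Constructed sample input; "bankonline.example" is a made-up protected name.
PROTECTED = ["bankonline.example"]
SAMPLES = [
    "bankonline.example",        # the genuine name
    "b\u0430nkonline.example",   # Cyrillic U+0430 in place of Latin "a"
    "bank0nline.example",        # digit zero in place of "o"
]

if __name__ == "__main__":
    for name in SAMPLES:
        print(ascii(name), check(name, PROTECTED))
```

A label written entirely in one non-Latin script passes the first check, so this sketch does not cover whole-script look-alikes.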